5.4CVSS
5.2AI Score
0.001EPSS
ArticleCMS through 2017-02-19 has XSS via the /update_personal_infomation realname or email parameter.
6.1CVSS
6AI Score
0.001EPSS
File Upload vulnerability exists in ArticleCMS 1.0 via the image upload feature at /admin by changing the Content-Type to image/jpeg and placing PHP code after the JPEG data, which could let a remote malicious user execute arbitrary PHP code.
9.8CVSS
9.6AI Score
0.005EPSS
A file upload issue exists in all versions of ArticleCMS which allows malicious users to getshell.
9.8CVSS
9.3AI Score
0.005EPSS